CVE-2024-35880
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-35880
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-35880.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-35880
- Downstream
- Related
- Published
- 2024-05-19T08:34:37Z
- Modified
- 2025-10-21T21:27:17.554153Z
- Summary
- io_uring/kbuf: hold io_buffer_list reference over mmap
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
iouring/kbuf: hold iobuffer_list reference over mmap
If we look up the kbuf, ensure that it doesn't get unregistered until after we're done with it. Since we're inside mmap, we cannot safely use the iouring lock. Rely on the fact that we can lookup the buffer list under RCU now and grab a reference to it, preventing it from being unregistered until we're done with it. The lookup returns the iobuffer_list directly with it referenced.
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced09f7520048eaaee9709091cd2787966f807da7c5Fixed65938e81df2197203bda4b9a0c477e7987218d66
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced5cf4f52e6d8aa2d3b7728f568abbf9d42a3af252Fixed5fd8e2359498043e0b5329a05f02d10a9eb91eb9
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced5cf4f52e6d8aa2d3b7728f568abbf9d42a3af252Fixed561e4f9451d65fc2f7eef564e0064373e3019793
Affected versions
v6.*
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.8.1
v6.8.2
v6.8.3
v6.8.4
v6.9-rc1
v6.9-rc2